
Re: [OT] change user when executing some script



Here is one of the solutions:

the files handled by the script must reside in a user1 directory
with the setgid flag turned on, and 775 permissions mode. All the files
created in this dir will belong to user1's group. So, user2 will
launch the script and generate a user2,user1group permission file.
When user3 launches the script later, he will get the user1
permissions thanks to the setgid flag on the script, and will be able
to delete the user2,user1group file. Note that you can set the
sticky-bit on the directory to prevent the deletion even if user1 shares
its permissions with others (not the case here).


Gal'

2007/6/14, Galevsky <galevsky@gmail.com>:
Thank you guys. Unfortunately, I cannot do that since I am not root
and can neither add a group nor modify any /etc/*. That is the reason
why I was looking for a solution to change the user when executing the
script. setuid and setgid are nice to apply the script owner
permissions to the users, but the file creation is done on behalf of
users and not of script owner. So file deletion..... cannot run.

Gal'



2007/6/14, Bob Proulx <bob@proulx.com>:
> Douglas Allan Tutty wrote:
> > Galevsky wrote:
> > > How can I make the /home/user1/testfile belong to user1, the owner of
> > > the script instead of the user that launches it ?
> >
> > On DEBIAN, to remove a file, you need write permissions on the directory
> > in which it resides.  I suppose user1 could give group write to the
> > directory.  You would then create a group and put user[1-3] in that
> > group.
>
> Yes.  That would be good.
>
> Do this in a subdirectory of your home.  If your $HOME is writable by
> others, group write, then many programs will refuse to trust files
> there.  (e.g. sendmail/postfix/exim, procmail, ssh, etc.)
>
> Bob
>
>


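The following check is an added example, not code from any poster in this thread: it audits a directory set up as described above (setgid, mode 775) and reports the sticky bit, which would stop group members deleting each other's files. The function name `audit_shared_dir` is hypothetical, and GNU `stat` and `find` (as shipped on Debian) are assumed.

```shell
#!/bin/sh
# Added example; audit_shared_dir is a hypothetical helper name.
# Assumes GNU coreutils/findutils (stat -c, find -gid), as on Debian.

# Audit a directory that is meant to be shared through its group.
# Returns 0 if it is setgid, group-writable and not world-writable,
# 1 if any of those checks fails, 2 if the argument is not a directory.
audit_shared_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "ERROR: not a directory: $dir"; return 2; }

    mode=$((0$(stat -c '%a' "$dir")))   # permission bits parsed as octal
    dgid=$(stat -c '%g' "$dir")         # numeric group of the directory
    rc=0

    if [ $(($mode & 02000)) -eq 0 ]; then
        echo "FAIL: setgid bit missing; new files keep the creator's own group"
        rc=1
    fi
    if [ $(($mode & 00020)) -eq 0 ]; then
        echo "FAIL: not group-writable; group members cannot create or delete"
        rc=1
    fi
    if [ $(($mode & 00002)) -ne 0 ]; then
        echo "FAIL: world-writable; anyone can create or delete entries"
        rc=1
    fi
    if [ $(($mode & 01000)) -ne 0 ]; then
        # With the sticky bit, only the file owner, the directory owner
        # or root may delete or rename an entry.
        echo "NOTE: sticky bit set; group members cannot delete each other's files"
    fi

    # Entries created before the setgid bit was set keep their old group.
    strays=$(find "$dir" -mindepth 1 -maxdepth 1 ! -gid "$dgid" | wc -l)
    if [ "$strays" -gt 0 ]; then
        echo "WARN: $strays entries do not belong to gid $dgid"
    fi
    return $rc
}

# Stand-alone use: sh audit.sh /path/to/shared/dir
if [ $# -gt 0 ]; then audit_shared_dir "$1"; fi
```

Point it at a subdirectory rather than at `$HOME` itself, in line with the advice quoted above about group-writable home directories.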